1

RPC: Remote system error and flushing iptables

asked 2018-11-10 16:35:17 -0500

tmdag

So I had a problem accessing NFS from one of my machines:

rpcinfo -p 10.0.1.10
10.0.1.10: RPC: Remote system error - No route to host

But when I flushed iptables on the destination machine, everything came back to normal (until restart):

sudo iptables -F

What should I do to make it permanent, so that I don't have to flush in order to connect to that machine?

I have SELinux disabled (if that has anything to do with it)


Comments

Thanks @aeperezt! It's very hard to find proper explanations and documentation regarding iptables. Whatever I find is outdated or poorly explained. I guessed that:

sudo iptables -I INPUT -p tcp --dport 111 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 111 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 2049 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 2049 -j ACCEPT

should at least open ports for nfs. Now I'm trying to find out how to save it :)

>service iptables save
The service command supports only basic LSB actions [...]

that doesn't work :)

tmdag ( 2018-11-10 17:53:42 -0500 )

OK, I found out that 'sudo iptables-save' works.

So here is a weird one now. When I manually add those above and save, NFS works fine. But after reboot it doesn't work again (even though I did use 'sudo iptables-save').

tmdag ( 2018-11-10 18:15:11 -0500 )

If you are using iptables, you will find a file at /etc/sysconfig/iptables; your iptables rules should be there, and you can edit them with vim. On Fedora and CentOS those rules in the file normally look like "INPUT -p tcp --dport 222 -j ACCEPT". You can add your own rules there and they should survive a restart. Now, did you remove firewalld, or how do you know you are working with iptables?

aeperezt ( 2018-11-10 20:13:35 -0500 )

systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-11-11 04:11:13 PST; 6h ago

I did not remove firewalld, but since flushing iptables 'worked' I assumed that this is the cause of the problems.

tmdag ( 2018-11-11 12:20:58 -0500 )

1 Answer

2

answered 2018-11-10 17:08:16 -0500

aeperezt

Since you mention that flushing iptables allows you to work, that means you need to open the proper ports. Now, are you using iptables or firewalld? If you are using firewalld, this should solve it:

firewall-cmd --add-service=nfs firewall-cmd --add-service=mountd firewall-cmd --add-service=rpc-bind

If you are using iptables, you need to open the same ports.

Comments

I ran it as you suggested. I got misled at the beginning as I thought it was a single command, then I realized there are no semicolons and those are 3 commands on a single line :) But one thing to remember is to also run the command below (which I didn't know about till I started googling again). It would be a good addition to a 'full' answer.

sudo firewall-cmd --runtime-to-permanent

tmdag ( 2018-11-11 13:11:59 -0500 )

Great, and yes, you need to make it permanent.

aeperezt ( 2018-11-11 15:11:01 -0500 )
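
An added example, not part of the original thread: a shell check that compares firewalld's runtime and permanent service lists for the three services named in the answer, showing which openings would be lost at the next reload or reboot. The sample lists are constructed, and the function and variable names are this example's own.

```shell
#!/bin/sh
# Services the answer above opens for NFS.
REQUIRED="nfs mountd rpc-bind"

# has_service LIST NAME: succeeds only if NAME is a whole word in LIST,
# so "nfs3" in the list does not count as "nfs".
has_service() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_services RUNTIME_LIST PERMANENT_LIST
# Prints "<service> <state>" per required service, where state is:
#   ok              open now and after reboot
#   runtime-only    open now, lost on reload/reboot
#                   (fix: firewall-cmd --runtime-to-permanent)
#   permanent-only  saved but not active (fix: firewall-cmd --reload)
#   missing         closed in both configurations
audit_services() {
    for svc in $REQUIRED; do
        if has_service "$1" "$svc"; then rt=1; else rt=0; fi
        if has_service "$2" "$svc"; then pm=1; else pm=0; fi
        case "$rt$pm" in
            11) echo "$svc ok" ;;
            10) echo "$svc runtime-only" ;;
            01) echo "$svc permanent-only" ;;
            00) echo "$svc missing" ;;
        esac
    done
}

# Constructed sample: state right after the three --add-service commands,
# before anything was saved to the permanent configuration.
SAMPLE_RUNTIME="dhcpv6-client mdns mountd nfs rpc-bind ssh"
SAMPLE_PERMANENT="dhcpv6-client mdns ssh"

# On a live host (assumes firewalld is running and you have root):
#   audit_services "$(firewall-cmd --list-services)" \
#                  "$(firewall-cmd --permanent --list-services)"
audit_services "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```
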

Stats

Asked: 2018-11-10 16:35:17 -0500

Seen: 26 times

Last updated: Nov 10 '18